Fail2ban

Description

While each server environment is unique, with its own demands based on what is hosted on it and who needs access to it, some basic tools such as Fail2ban belong in the standard toolset of anyone concerned with security.

Fail2ban scans log files (e.g. /var/log/httpd/error_log) and bans IPs that show malicious signs, such as too many password failures or probing for exploits. Fail2ban is generally used to update firewall rules to reject those IP addresses for a specified amount of time, although any other arbitrary action (e.g. sending an email) can also be configured. Out of the box, Fail2ban comes with filters for various services (Apache httpd, postfix, courier, ssh, etc.).